Real-time soft combining, crc validation, and mic validation of decrypted packets

ABSTRACT

The apparatus receives a first PDU and a first CRC that is based on the first PDU. The first PDU is encrypted based on a first nonce. The apparatus decrypts the first PDU to obtain a first payload and a first cipher stream. The apparatus soft combines the decrypted first payload with a decrypted set of payloads. The set of payloads have been encrypted based on at least one nonce different than the first nonce. The apparatus generates a second CRC based on the soft combined decrypted payloads and based on the first cipher stream. The apparatus determines whether the generated second CRC for the soft combined decrypted payloads passes a CRC check against the first CRC.

BACKGROUND Field

The present disclosure relates generally to communication systems, andmore particularly, to soft combining of decrypted packets.

Background

A wireless personal area network (WPAN) is a personal, short-rangewireless network for interconnecting devices centered around a specificdistance from a user. WPANs have gained popularity because of theflexibility and convenience in connectivity that WPANs provide. WPANs,such as those based on short-range communication protocols (e.g., aBluetooth® (BT) protocol, a Bluetooth® Low Energy (BLE) protocol, aZigbee® protocol, etc.), provide wireless connectivity to peripheraldevices by providing wireless links that allow connectivity within aspecific distance (e.g., 5 meters, 10 meter, 20 meters, 100 meters,etc.).

BT is a short-range wireless communication protocol that supports a WPANbetween a central device (e.g., a master device) and at least oneperipheral device (e.g., a slave device). Power consumption associatedwith BT communications may render BT impractical in certainapplications, such as applications in which an infrequent transfer ofdata occurs.

To address the power consumption issue associated with BT, BLE wasdeveloped and adopted in various applications in which an infrequenttransfer of data occurs. BLE exploits the infrequent transfer of data byusing a low duty cycle operation, and switching at least one of thecentral device and/or peripheral device(s) to a sleep mode in betweendata transmissions. A BLE communications link between two devices may beestablished using, e.g., hardware, firmware, host operating system, hostsoftware stacks, and/or host application support. Example applicationsthat use BLE include battery-operated sensors and actuators in variousmedical, industrial, consumer, and fitness applications. BLE may be usedto connect devices such as BLE enabled smart phones, tablets, andlaptops. While traditional BLE offers certain advantages over BT, BLEand BT may not be able to validate the combination of decrypted datapackets in an effort to decode the data error free. Transmitted andre-transmitted data packets may be encrypted using different encryptionparameters, which may cause the re-transmitted data packets to appear asdifferent data packets despite having the same payload.

There exists a need for an operation to validate the combination ofdecrypted data packets in wireless communications where a data packetand its retransmission may be sent using different encryptionparameters.

SUMMARY

The following presents a simplified summary of one or more aspects inorder to provide a basic understanding of such aspects. This summary isnot an extensive overview of all contemplated aspects, and is intendedto neither identify key or critical elements of all aspects nordelineate the scope of any or all aspects. Its sole purpose is topresent some concepts of one or more aspects in a simplified form as aprelude to the more detailed description that is presented later.

BLE was developed and adopted in various applications in which aninfrequent transfer of data occurs. BLE exploits the infrequent transferof data by using a low duty cycle operation, and switching at least oneof the central device and/or peripheral device(s) to a sleep mode inbetween data transmissions. Example applications that use BLE includebattery-operated sensors and actuators in various medical, industrial,consumer, and fitness applications. The BLE applications often connectto devices such as BLE enabled smart phones, tablets, and laptops.

While traditional BLE offers certain advantages, the traditional BLEprotocol provides only for error detection in the payload of a datapacket through the use of a cyclic redundancy check (CRC). Thus,according to the traditional BLE protocol, retransmission is the meansby which errors in the payload may be “corrected,” where correction viaretransmission is different than the dynamic correction of the same datapacket enabled through FEC. That is, FEC actually corrects the errors inthe same data packet, while the retransmission corrects the errors ofthe current data packet by replacing the current data packet withanother version of the data payload, which may or may not includeerrors.

Failing error correction in the traditional BLE protocol, an erroneousdata packet may be replaced with a special packet that in effect definessilence or packet loss concealment. The silence packet and/or packetloss concealment may reduce communication quality because portions ofthe communication may be omitted (e.g., voice breaks during a voicecall).

As many applications, such as wireless headsets used with cellularphones, require mostly error free (e.g., low error rate data streams)data to accurately reproduce a telephone conversation, uncorrectederroneous data packets may impact a perceived quality of a givenapplication.

In addition, using the error correction techniques of traditional BLEmay not only reduce the perceived audio quality of a given application,but may also limit a transmit power reduction of a BLE air interfacepacket due to a limited sensitivity at the receiving device. Thereceiving device sensitivity may be correlated with the lowest signalpower level from which the receiving device may obtain information froma BLE air interface packet without meeting a Bit Error Rate (BER)threshold. Hence, the receiving device sensitivity may limit thetransmit power reduction for a BLE air interface packet.

Validation of a correctly received packet may be done through the use ofCRC. Incorrectly received packets may cause the packet to beretransmitted in response to a request for a new message sent to thetransmitting device by the receiving device. The two or more packets maybe combined until the receiving device can decode the message errorfree. Over the air bit errors may cause numerous retransmissions, but ifthe retransmitted packet is encrypted using different encryptionparameters, such as but not limited to Nonce, then the retransmittedpacket will appear to be different than the originally transmittedpacket despite having the same payload.

There exists a need for an error correction technique to validate thecombination of transmitted and retransmitted decrypted data packets inwireless communications (e.g., BLE) in situations where the transmittedand retransmitted packets are encrypted using different encryptionparameters (e.g., nonce).

The error correction techniques of the present disclosure promoteerror-correction in communication systems that lack FEC or otherembedded error correction mechanisms with respect to one or moreportions of a data packet by decrypting the data packet to obtain afirst payload, soft combining the decrypted first payload with adecrypted set of payloads, generating a CRC based on the soft combineddecrypted payloads, and determining whether the generated CRC passes aCRC check against a first CRC. The techniques therefore provide errorcorrection for the entire packet, including packet portions notprotected by any embedded error correction mechanism. As a result, datacommunications over noisy communication mediums may be improved as thetechniques may reduce bit error rates, and increase the sensitivity ofthe receiving device such that the transmission power of a data packetmay be reduced. For data communications involving voice or otherstreaming audio data, the techniques promote increased audio qualityover systems that do not employ the techniques described in the presentdisclosure.

In an aspect of the disclosure, a method, a computer-readable medium,and an apparatus are provided. The apparatus may receive a first packetdata unit (PDU) and a first CRC that is based on the first PDU. In oneaspect, the first PDU may be encrypted based on a first nonce. Theapparatus may decrypt the first PDU to obtain a first payload and afirst cipher stream. The apparatus may soft combine the decrypted firstpayload with a decrypted set of payloads. In one aspect, the set ofpayload may be encrypted based on at least one nonce that is differentthan the first nonce. However, in some aspects, the set of payload maybe encrypted based on a nonce that is the same as the first nonce. Theapparatus may generate a second CRC based on the soft combined decryptedpayloads and based on the first cipher stream. The apparatus maydetermine whether the generated second CRC for the soft combineddecrypted payloads passes a CRC check against the first CRC.

In another aspect of the disclosure, a method, a computer-readablemedium, and an apparatus are provided. The apparatus may receive a firstPDU and a first CRC that is based on the first PDU. In one aspect, thefirst PDU may be encrypted based on a first nonce. The apparatus maydecrypt the first PDU to obtain a first payload. The apparatus mayobtain an error bitmap by soft combining the decrypted first payloadwith a decrypted set of payloads. In one aspect, the set of payloads maybe encrypted based on at least one nonce different than the first nonce.However, in some aspects, the set of payload may be encrypted based on anonce that is the same as the first nonce. The apparatus may perform anExclusive OR (XOR) operation on the received first PDU with the obtainederror bitmap to obtain a soft combined encrypted payload. The apparatusmay generate a second CRC based on the soft combined encrypted payload.The apparatus may determine whether the generated second CRC for thesoft combined encrypted payload passes a CRC check against the firstCRC.

To the accomplishment of the foregoing and related ends, the one or moreaspects comprise the features hereinafter fully described andparticularly pointed out in the claims. The following description andthe annexed drawings set forth in detail certain illustrative featuresof the one or more aspects. These features are indicative, however, ofbut a few of the various ways in which the principles of various aspectsmay be employed, and this description is intended to include all suchaspects and their equivalents.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram illustrating an example of a WPAN in accordance withcertain aspects of the disclosure.

FIG. 2 is block diagram of a wireless device in accordance with certainaspects of the disclosure.

FIG. 3 is a diagram illustrating a modified BLE protocol stack inaccordance with certain aspects of the disclosure.

FIG. 4 is a block diagram illustrating a soft combining operation inaccordance with certain aspects of the disclosure.

FIG. 5 is a block diagram illustrating a header adjustment in accordancewith certain aspects of the disclosure.

FIG. 6 is a block diagram illustrating another soft combining operationin accordance with certain aspects of the disclosure.

FIG. 7 is a block diagram illustrating a MIC calculation operation inaccordance with certain aspects of the disclosure.

FIG. 8 is a block diagram illustrating another MIC calculation operationin accordance with certain aspects of the disclosure.

FIG. 9 is a flowchart of a method of wireless communication.

FIG. 10 is a conceptual data flow diagram illustrating the data flowbetween different means/components in an exemplary apparatus.

FIG. 11 is a diagram illustrating an example of a hardwareimplementation for an apparatus employing a processing system.

FIG. 12 is a flowchart of a method of wireless communication.

FIG. 13 is a conceptual data flow diagram illustrating the data flowbetween different means/components in an exemplary apparatus.

FIG. 14 is a diagram illustrating an example of a hardwareimplementation for an apparatus employing a processing system.

DETAILED DESCRIPTION

The detailed description set forth below in connection with the appendeddrawings is intended as a description of various configurations and isnot intended to represent the only configurations in which the conceptsdescribed herein may be practiced. The detailed description includesspecific details for the purpose of providing a thorough understandingof various concepts. However, it will be apparent to those skilled inthe art that these concepts may be practiced without these specificdetails. In some instances, well known structures and components areshown in block diagram form in order to avoid obscuring such concepts.

Several aspects of telecommunication systems will now be presented withreference to various apparatus and methods. These apparatus and methodswill be described in the following detailed description and illustratedin the accompanying drawings by various blocks, components, circuits,processes, algorithms, etc. (collectively referred to as “elements”).These elements may be implemented using electronic hardware, computersoftware, or any combination thereof. Whether such elements areimplemented as hardware or software depends upon the particularapplication and design constraints imposed on the overall system.

By way of example, an element, or any portion of an element, or anycombination of elements may be implemented as a “processing system” thatincludes one or more processors. Examples of processors includemicroprocessors, microcontrollers, graphics processing units (GPUs),central processing units (CPUs), application processors, digital signalprocessors (DSPs), reduced instruction set computing (RISC) processors,systems on a chip (SoC), baseband processors, field programmable gatearrays (FPGAs), programmable logic devices (PLDs), state machines, gatedlogic, discrete hardware circuits, and other suitable hardwareconfigured to perform the various functionality described throughoutthis disclosure. One or more processors in the processing system mayexecute software. Software shall be construed broadly to meaninstructions, instruction sets, code, code segments, program code,programs, subprograms, software components, applications, softwareapplications, software packages, routines, subroutines, objects,executables, threads of execution, procedures, functions, etc., whetherreferred to as software, firmware, middleware, microcode, hardwaredescription language, or otherwise.

Accordingly, in one or more example embodiments, the functions describedmay be implemented in hardware, software, or any combination thereof. Ifimplemented in software, the functions may be stored on or encoded asone or more instructions or code on a computer-readable medium.Computer-readable media includes computer storage media. Storage mediamay be any available media that can be accessed by a computer. By way ofexample, and not limitation, such computer-readable media can comprise arandom-access memory (RAM), a read-only memory (ROM), an electricallyerasable programmable ROM (EEPROM), optical disk storage, magnetic diskstorage, other magnetic storage devices, combinations of theaforementioned types of computer-readable media, or any other mediumthat can be used to store computer executable code in the form ofinstructions or data structures that can be accessed by a computer.

FIG. 1 illustrates an example WPAN 100 in accordance with certainaspects of the disclosure. Within the WPAN 100, a central device 102 mayconnect to and establish a BLE communication link 116 with one or moreperipheral devices 104, 106, 108, 110, 112, 114 using a BLE protocol ora modified BLE protocol. The BLE protocol is part of the BT corespecification and enables radio frequency communication operating withinthe globally accepted 2.4 GHz Industrial, Scientific & Medical (ISM)band.

The central device 102 may include suitable logic, circuitry,interfaces, processors, and/or code that may be used to communicate withone or more peripheral devices 104, 106, 108, 110, 112, 114 using theBLE protocol or the modified BLE protocol as described below inconnection with any of FIGS. 2-13. The central device 102 may operate asan initiator to request establishment of a link layer (LL) connectionwith an intended peripheral device 104, 106, 108, 110, 112, 114.

A LL in the BLE protocol stack and/or modified BLE protocol stack (e.g.,see FIG. 3) provides, as compared to BT, ultra-low power idle modeoperation, simple device discovery and reliable point-to-multipoint datatransfer with advanced power-save and encryption functionalities. Aftera requested LL connection is established, the central device 102 maybecome a master device and the intended peripheral device 104, 106, 108,110, 112, 114 may become a slave device for the established LLconnection. As a master device, the central device 102 may be capable ofsupporting multiple LL connections at a time with various peripheraldevices 104, 106, 108, 110, 112, 114 (slave devices). The central device102 (master device) may be operable to manage various aspects of datapacket communication in a LL connection with an associated peripheraldevice 104, 106, 108, 110, 112, 114 (slave device). For example, thecentral device 102 may be operable to determine an operation schedule inthe LL connection with a peripheral device 104, 106, 108, 110, 112, 114.The central device 102 may be operable to initiate a LL protocol dataunit (PDU) exchange sequence over the LL connection. LL connections maybe configured to run periodic connection events in dedicated datachannels. The exchange of LL data PDU transmissions between the centraldevice 102 and one or more of the peripheral devices 104, 106, 108, 110,112, 114 may take place within connection events.

In certain configurations, the central device 102 may be configured totransmit the first LL data PDU in each connection event to an intendedperipheral device 104, 106, 108, 110, 112, 114. In certain otherconfigurations, the central device 102 may utilize a polling scheme topoll the intended peripheral device 104, 106, 108, 110, 112, 114 for aLL data PDU transmission during a connection event. The intendedperipheral device 104, 106, 108, 110, 112, 114 may transmit a LL dataPDU upon receipt of packet LL data PDU from the central device 102. Incertain other configurations, a peripheral device 104, 106, 108, 110,112, 114 may transmit a LL data PDU to the central device 102 withoutfirst receiving a LL data PDU from the central device 102.

Examples of the central device 102 may include a cellular phone, a smartphone, a session initiation protocol (SIP) phone, a mobile station(STA), a laptop, a personal computer (PC), a desktop computer, apersonal digital assistant (PDA), a satellite radio, a globalpositioning system, a multimedia device, a video device, a digital audioplayer (e.g., MP3 player), a camera, a game console, a tablet, a smartdevice, a wearable device (e.g., smart watch, wireless headphones,etc.), a vehicle, an electric meter, a gas pump, a toaster, athermostat, a hearing aid, a blood glucose on-body unit, anInternet-of-Things (IoT) device, or any other similarly functioningdevice.

Examples of the one or more peripheral devices 104, 106, 108, 110, 112,114 may include a cellular phone, a smart phone, a SIP phone, a STA, alaptop, a PC, a desktop computer, a PDA, a satellite radio, a globalpositioning system, a multimedia device, a video device, a digital audioplayer (e.g., MP3 player), a camera, a game console, a tablet, a smartdevice, a wearable device (e.g., smart watch, wireless headphones,etc.), a vehicle, an electric meter, a gas pump, a toaster, athermostat, a hearing aid, a blood glucose on-body unit, an IoT device,or any other similarly functioning device. Although the central device102 is illustrated in communication with six peripheral devices 104,106, 108, 110, 112, 114 in the WPAN 100, the central device 102 maycommunicate with more or fewer than six peripheral devices within theWPAN 100 without departing from the scope of the present disclosure.

Referring again to FIG. 1, in certain aspects, the central device 102and/or a peripheral device (e.g., peripheral device 112) may beconfigured to perform a soft combine operation after the decryption ofdata packets if the transmission and the re-transmission of data packetsare encrypted using different nonces (120), e.g., as described below inconnection with any of FIGS. 2-13.

FIG. 2 is block diagram of a wireless device 200 in accordance withcertain aspects of the disclosure. The wireless device 200 maycorrespond to, e.g., the central device 102, and/or one of peripheraldevices 104, 106, 108, 110, 112, 114 described above in connection withFIG. 1. In certain aspects, the wireless device 200 may be a BLE enableddevice. However, the disclosure is not intended to be limited to thewireless device 200 being a BLE enabled device. In some aspects, thewireless device 200 may be a BT Classic enabled device, an 802.15.4Zigbee enabled or any wireless device configured to communicate viashort-range communication protocols.

As shown in FIG. 2, the wireless device 200 may include a processingelement, such as processor(s) 202, which may execute programinstructions for the wireless device 200. The wireless device 200 mayalso include display circuitry 204 which may perform graphics processingand provide display signals to the display 242. The processor(s) 202 mayalso be coupled to memory management unit (MMU) 240, which may beconfigured to receive addresses from the processor(s) 202 and translatethe addresses to address locations in memory (e.g., memory 206, ROM 208,Flash memory 210) and/or to address locations in other circuits ordevices, such as the display circuitry 204, radio 230, connectorinterface 220, and/or display 242. The MMU 240 may be configured toperform memory protection and page table translation or set up. In someembodiments, the MMU 240 may be included as a portion of theprocessor(s) 202.

As shown, the processor(s) 202 may be coupled to various other circuitsof the wireless device 200. For example, the wireless device 200 mayinclude various types of memory, a connector interface 220 (e.g., forcoupling to the computer system), the display 242, and wirelesscommunication circuitry (e.g., for Wi-Fi, BT, BLE, cellular, etc.). Thewireless device 200 may include a plurality of antennas 235 a, 235 b,235 c, 235 d, for performing wireless communication with other BLEdevices.

In certain aspects, the wireless device 200 may include hardware andsoftware components (a processing element) configured to perform a softcombine operation after the decryption of data packets if thetransmission and the re-transmission of data packets are encrypted usingdifferent nonces, e.g., using the techniques described below inconnection with any FIGS. 3-13. The wireless device 200 may alsocomprise BLE firmware or other hardware/software for controlling BLEoperations. In addition, the wireless device 200 may store and execute awireless local area network (WLAN) software driver for controlling WLANoperations.

The wireless device 200 may be configured to implement part or all ofthe techniques described below in connection with any of FIGS. 3-13,e.g., by executing program instructions stored on a memory medium (e.g.,a non-transitory computer-readable memory medium) and/or throughhardware or firmware operation. In other embodiments, the techniquesdescribed below in connection with any of FIGS. 3-13 may be at leastpartially implemented by a programmable hardware element, such as afield programmable gate array (FPGA), and/or an application specificintegrated circuit (ASIC).

In certain aspects, radio 230 may include separate controllersconfigured to control communications for various respective radio accesstechnology (RAT) protocols. For example, as shown in FIG. 2, radio 230may include a WLAN controller 250 configured to control WLANcommunications and a short-range communications controller 252configured to control short-range communications (e.g., BLEcommunications). A coexistence interface 254 (e.g., a wired interface)may be used for sending information between the WLAN controller 250 andthe short-range communication controller 252.

In some aspects, one or more of the WLAN controller 250 and/or theshort-range communications controller 252 may be implemented ashardware, software, firmware or some combination thereof.

In certain aspects, the WLAN controller 250 may be configured tocommunicate with a second device using a WLAN link using all of theantennas 235 a, 235 b, 235 c, 235 d. In certain configurations, theshort-range communication controller 252 may be configured to implementa BLE protocol stack (see FIG. 3), and communicate with at least onesecond device using one or more of the antennas 235 a, 235 b, 235 c, 235d. The short-range communication controller 252 may be configured toperform a soft combine operation after the decryption of data packets ifthe transmission and the re-transmission of data packets are encryptedusing different nonces.

FIG. 3 illustrates a BLE protocol stack 300 that may be implemented in aBLE device in accordance with certain aspects of the present disclosure.For example, the BLE protocol stack 300 may be implemented by, e.g., oneor more of processor(s) 202, memory 206, Flash memory 210, ROM 208, theradio 230, and/or the short-range communication controller 252illustrated in FIG. 2.

Referring to FIG. 3, the BLE protocol stack 300 may be organized intothree blocks, namely, the Application block 302, the Host block 304, andthe Controller block 306. Application block 302 may be a userapplication which interfaces with the other blocks and/or layers of theBLE protocol stack 300. The Host block 304 may include the upper layersof the BLE protocol stack 300, and the Controller block 306 may includethe lower layers of the modified BLE protocol stack 300.

The Host block 304 may communicate with a BLE controller (e.g.,short-range communication controller 252 in FIG. 2) in a wireless deviceusing a Host Controller Interface (HCI) (not shown in FIG. 3). The HCImay also be used to interface the Controller block 306 with the Hostblock 304. Interfacing the Controller block 306 and the Host block 304may enable a wide range of Hosts to interface with the Controller block306.

The Application block 302 may include a higher-level Application Layer(App) 308, and the BLE protocol stack 300 may run under the App 308. TheHost block 304 may include a Generic Access Profile (GAP) 310, a GenericAttribute Protocol (GATT) 312, a Security Manager (SM) 314, an AttributeProtocol (ATT) 316, and a Logical Link Control and Adaptation Protocol(L2CAP) 318. The Controller block 306 may include a LL 320 and aPhysical Layer (PHY) 322.

The PHY 322 may define the mechanism for transmitting a bit stream overa physical link that connects BLE devices. The bit stream may be groupedinto code words or symbols, and converted to a PDU that is transmittedover a transmission medium. The PHY 322 may provide an electrical,mechanical, and procedural interface to the transmission medium. Theshapes and properties of the electrical connectors, the frequency bandused for transmission, the modulation scheme, and similar low-levelparameters may be specified by the PHY 322.

The LL 320 may be responsible for low level communication over the PHY322. The LL 320 may manage the sequence and timing for transmitting andreceiving data packets, and using a LL protocol, communicates with otherdevices regarding connection parameters and data flow control. The LL320 may provide gate keeping functionality to limit exposure and dataexchange with other devices. If filtering is configured, the LL 320 maymaintain a list of allowed devices and ignore all requests for dataexchange from devices not on the list. The LL 320 may also reduce powerconsumption. The LL 320 may use the HCI (not shown in FIG. 3) tocommunicate with upper layers of the BLE protocol stack 300. The LL 320may include a third party's proprietary LL that may be used to discoverpeer devices (e.g., other devices associated with the third party), andestablish a secure communication channel therewith.

In certain aspects, the LL 320 may be responsible for transporting datapackets between devices in a WPAN. Each data packet may include alogical transport address LT_ADDR in a header field, which specifies thetype of logical transport used to carry the data packet. Logicaltransports may exist between a master device and slave devices.Additionally, some logical transports may carry multiple logical links.

One type of logical transport is an ACL logical transport. The ACLlogical transport may be used to carry data packets such as the datapacket described below with reference to FIG. 4. Each device may receivea default ACL logical transport when the device joins the WPAN. Each ACLlogical transport may carry one or more ACL communication links, whichare distinguished by a Logical Link ID (LLID) field of the header.Retransmitted data packets carried via an ACL communication link may bereceived automatically if unacknowledged by the receiver device,allowing for correction of a radio link that is subject to interference.The ACL logical transport may permit communication of data fortime-sensitive or time-bounded applications, such as streaming services,voice applications including Voice over Internet Protocol (VoW) and morestandard, cellular telephone calls. Failing error correction, anerroneous data packet carried via an ACL communication link may bereplaced with a special communication packet that in effect definessilence or packet loss concealment when the traditional BLE protocol isimplemented. The special silence communication packet and/or packet lossconcealment may reduce the communication quality experienced over ACLcommunication links because portions of the communications may beomitted (e.g., voice breaks during a voice call).

The L2CAP 318 may encapsulate multiple protocols from the upper layersinto a data packet format (and vice versa). The L2CAP 318 may also breakpackets with a large data payload from the upper layers into multiplepackets with the data payload segmented into smaller size data payloadsthat fit into a maximum payload size (e.g., 27 bytes) on the transmitside. Similarly, the L2CAP 318 may receive multiple data packetscarrying a data payload that has been segmented, and the L2CAP 318 maycombine the segmented data payload into a single data packet carryingthe data payload that may be sent to the upper layers.

The ATT 316 may be a client/server protocol based on attributesassociated with a BLE device configured for a particular purpose (e.g.,monitoring heart rate, monitoring temperature, broadcastingadvertisements, etc.). The attributes may be discovered, read, andwritten by peer devices. The set of operations which are executed overATT 316 may include, but are not limited to, error handling, serverconfiguration, find information, read operations, write operations,queued writes, etc. The ATT 316 may form the basis of data exchangebetween BLE devices.

The SM 314 may be responsible for device pairing and key distribution. Asecurity manager protocol implemented by the SM 314 may define howcommunications with the SM of a counterpart BLE deice are performed. TheSM 314 may provide additional cryptographic functions that may be usedby other components of the BLE protocol stack 300. The architecture ofthe SM 314 used in BLE may be designed to minimize recourse requirementsfor peripheral devices by shifting work to an assumingly more powerfulcentral device. BLE uses a pairing mechanism for key distribution. TheSM 314 provides a mechanism to not only encrypt the data but also toprovide data authentication.

The GATT 312 describes a service framework using the attribute protocolfor discovering services, and for reading and writing characteristicvalues on a peer device. The GATT 312 interfaces with the App 308through the App's profile. The App 308 profile defines the collection ofattributes and any permission needed for the attributes to be used inBLE communications.

The GAP 310 may provide an interface for the App 308 to initiate,establish, and manage connection with counterpart BLE devices.

BLE provides for a method to transmit, and retransmit, a message untilthe receiving device decodes the message error free. Validation of acorrectly received packet may be done through the use of CRC and/orMessage Integrity Check (MIC). When packets are encrypted using AES-CCM,for example, the CRC is calculated on the encrypted packet. On thetransmit side, when the CRC is generated and transmitted, the CRC isbased on the encrypted data. In order for the CRC to be validated on thereceive side, the encrypted data is analyzed by the receiver.

Incorrectly received packets may cause the packet to be retransmitted inresponse to a request for a new message (e.g., NACK) sent to thetransmitting device by the receiving device. The transmitted packet andretransmitted packets may be soft combined until the receiving devicecan decode the message error free. However, if the same packet isencrypted using different cipher streams during the transmission andretransmission, then the retransmitted packet will not appear the sameas the originally transmitted packet despite having the same payload.

For example, extended synchronous connection oriented (eSCO) packets areused for audio, and the eSCO packet transmission and each retransmissionare each encrypted using a different nonce (e.g., counter). In addition,the cipher stream which encrypts the eSCO packet is also different. Softcombining is the process of combining received bits during differentreceptions in order to guess the correct bit. Soft combining eSCOpackets will not work if the soft combining is performed beforedecryption because different nonces are used to encrypt the packet. IfeSCO packets are soft combined after the packets are decrypted, then CRCvalidation cannot be performed directly on the corrected soft combineddata because the CRC is calculated on the encrypted data. This thuspresents the dilemma of how to validate the CRC. The packets have beendecrypted to generate the corrected soft combined data, but validationof the CRC cannot be done on the decrypted data, validation of the CRCmust occur on the encrypted data since the CRC has been calculated basedon the encrypted data.

Thus, there exists a need for an error correction technique to validatethe combination of transmitted and retransmitted decrypted data packetsin BLE communications in situations where the transmitted andretransmitted packets are encrypted using different nonces and/or cipherstreams.

The present disclosure provides an error correction technique tovalidate the combination of transmitted and retransmitted decrypted datapackets that have been encrypted using different nonces and/or cipherstreams. The error correction technique may be configured to validatethe CRC (based on the encrypted data) against a CRC calculated on thedata that has been decrypted and soft combined to generate thereconstructed data, but without re-encrypting the soft combinedreconstructed data.

FIG. 4 illustrates a block diagram 400 illustrating a soft combiningoperation in accordance with certain aspects of the present disclosure.FIG. 5 is a block diagram 500 illustrating a header adjustment inaccordance with certain aspects of the disclosure. The soft combiningoperation may occur in communications between a first device and seconddevice in a WPAN in accordance with certain aspects of the disclosure.The first device may correspond to, e.g., central device 102, peripheraldevice 104, 106, 108, 110, 112, 114, wireless device 200, the apparatus902/902′, or the mesh node 950. The second device may correspond to,e.g., central device 102, peripheral device 104, 106, 108, 110, 112,114, wireless device 200, the apparatus 902/902′, or the mesh node 950.

As seen in FIG. 4, the first device (e.g., transmitting device) maytransmit encrypted data 402 to the second device (e.g., receivingdevice). The encrypted data 402 may include a first PDU and a first CRCthat was calculated based on the encrypted first PDU. In some aspects,the first PDU may be encrypted based on a first nonce. The second devicereceives the encrypted data 402 provides the encrypted data 402 to thedecryption block 404. The decryption block 404 decrypts the encrypteddata 402 and outputs decrypted data 406 (e.g., first payload) and acipher stream 408. The decryption block 404 is configured to generatethe cipher stream 408 that was used to encrypt the encrypted data 402.The cipher stream 408 may also be used to decrypt the data.

The decryption block 404 outputs the decrypted data 406 to the real timesoft combining (RTSC) block 410. In some aspects, the decrypted data 406may be soft combined with a decrypted set of payloads at the RTSC block410. The decrypted set of payloads may be encrypted based on at leastone nonce that is different than the first nonce used to encrypt thefirst PDU. However, in some aspects, the decrypted set of payloads maybe encrypted based on a nonce that is the same as the first nonce. Thedecrypted set of payloads may be previously received data packets thatmay be stored within the RTSC block 410 or may be stored in a memorythat is external to the RTSC block 410. For example, the receivingdevice may receive a set of PDUs, prior to receiving the encrypted data402, and may attempt to decrypt each PDU in the set of PDUs after thePDU is received to obtain a corresponding decrypted payload of thedecrypted set of payloads. The receiving device may be configured totransmit a negative acknowledgement (NACK) in the event that thereceiving device fails to properly validate a received CRC, based on theencrypted data, against a calculated CRC, based on the soft combineddata. The transmission of the NACK from the receiving device to thetransmitting device may indicate that the PDU was improperly received.In response to the NACK, the transmitting device sends another PDU tothe receiving device. In some aspects, the retransmitted PDU may be thefirst PDU from the encrypted data 402.

The RTSC block 410 may be configured to soft combine the decrypted data406 with previously received data in an effort to correct previouscorrupt reception or improper reception of the same packet. The RTSCblock 410 cannot operate on encrypted data because the encryption (e.g.,nonce) changes from packet to packet, whereas decrypting the encrypteddata 402 allows the RTSC block 410 to generate soft combined decrypteddata 412 to reconstruct the data. However, as discussed above, BLEspecifications require the CRC to be calculated on the encrypted data,not the decrypted data. The reconstructed data (e.g., soft combineddecrypted data 412) generated by the RTSC block 410 is a combination ofdecrypted data, and a CRC calculated based on the decrypted data, alone,does not allow the first CRC based on the encrypted data to bevalidated. The first CRC based on the encrypted data needs to bevalidated to determine whether the soft combined decrypted data 412 hasbeen properly received. Upon the determination that the soft combineddecrypted data 412 has been properly received, the receiving device maysend an acknowledgement (ACK) to the transmitting device. The ACKprovides an indication to the transmitting device that the receivingdevice has properly received the PDU.

The RTSC block 410 outputs the soft combined decrypted data 412 to CRCgenerator 414. The CRC generator 414 is configured to generate a CRCbased on the soft combined decrypted data 412. Although the CRCgenerated by the CRC generator 414 is a CRC based on decrypted data,this CRC may be utilized to calculate a CRC generated by the receivingdevice based on the reconstructed data without re-encrypting thereconstructed data. The CRC, generated by the CRC generator 414, basedon the decrypted data may be further processed in order for the CRC tomimic as if it was generated based on encrypted data.

While the decryption block 404 is decrypting the encrypted data 402, thedecryption block 404, in parallel, will output the cipher stream 408.The cipher stream 408 is outputted to the CRC generator 416, and may beconfigured to generate a CRC of only the cipher stream 408. The CRC ofthe cipher stream 408, generated by the CRC generator 416, may be usedin conjunction with the CRC of the soft combined decrypted data 412,generated by the CRC generator 414, to generate a calculated CRC 420which may then be used to validate the received CRC based on encrypteddata (e.g., first CRC). The calculated CRC 420 may be based on the softcombined decrypted data 412 and based on the first cipher stream 408.

The disclosure takes advantage of the linear properties of CRCpolynomials to further process the CRC generated by the CRC generator414, based on the soft combined decrypted data, and to further processthe CRC generated by the CRC generator 416, based on the cipher stream,to validate the CRC based on encrypted data. For example:

crc(x⊕y)=crc(x)⊕crc(y)

If x is the unencrypted data, and y is the cipher stream used to encryptthe data, then it follows that the CRC of the encrypted data will beequal to the XOR of the individual CRC of the decrypted data and thecipher stream. Thus:

CRC(encrypted data)=CRC(decrypted data)⊕CRC(cipher stream)

In BLE unencrypted data is encrypted by using the cipher stream. Forexample, XORing the unencrypted data with the cipher stream yields theencrypted data. The cipher stream may also be used to decrypt encrypteddata. For example, XORing the encrypted data with the same cipher streamwill result in the decrypted data. For example, in the expression x⊕y=zwhere x is unencrypted data, y is a cipher stream, and z is encrypteddata, the unencrypted data x is encrypted by the cipher stream y byXORing the cipher stream and the unencrypted data, and results inencrypted data z. The cipher stream may be used to encrypt and decryptdata, in instances where the same cipher stream is used to perform both.In such instances, XORing the encrypted data z and the same cipherstream y, used to encrypt the unencrypted data x, would result in thedecrypted data x, or as stated as follows if x⊕y=z, then z⊕y=x.

A CRC may be initialized with a seed, and both the transmitting deviceand the receiving device need to know the initial seed in order for theCRC (e.g., calculated CRC 420) to be correct. As such, the seed needs tobe applied to one of the CRCs that is being generated by CRC generators414, 416 in order for the calculated CRC 420 to be correct. In addition,the header also needs to be adjusted in order for the calculated CRC 420to be correct when the CRC based on the soft combined decrypted data 412is XORed with the CRC based on the cipher stream 408. In some aspects, apayload header 502 may be appended to the soft combined decrypted data412 prior to the CRC generator 414 generating the CRC based on the softcombined decrypted data 412. In some aspects, the cipher stream 408 maybe zero padded 504 prior to the CRC generator 416 generating the CRCbased on the cipher stream 408. In yet some aspects, the payload header502 may be appended to the soft combined decrypted data 412, and thefirst cipher stream 408 may be zero padded 504 prior to the calculatedCRC 420 being generated. For example, as shown in FIG. 5, the decrypteddata 406 is soft combined to reconstruct the correct data as it goesthrough the RTSC block 410, but the header does not run through the RTSCblock 410. Instead, the header is provided to the payload header 502after the data is decrypted by the decryption block 404. As the headerportion is being processed by the decryption block 404, a cipher streamportion corresponding to the header portion is not generated by thedecryption block 404 since the header is not encrypted. The header isprovided to the payload header 502, and is provided to the CRC generator414 prior to the soft combined decrypted data 412. As the payload header502 is being provided to the CRC generator 414, the cipher stream 408 isnot provided to the CRC generator 416. Instead, a zero padding stream504 is provided to the CRC generator 416 that may be configured tocorrespond with the payload header 502 provided to the CRC generator414. Once the payload header 502 has been fully received by the CRCgenerator 414, then a first switch may be toggled to form a connectionwith the output of the RTSC Block 410 and allow the soft combineddecrypted data 412 to be fed into the CRC generator 414. Additionally,once the corresponding zero padding stream 504 has been fully receivedby the CRC generator 416, a second switch may then be toggled to form aconnection with an output of the decryption block 404 corresponding tothe cipher stream 408, to allow the cipher stream 408 to be fed into theCRC generator 416.

The length of the zero padding stream 504 may be equal to the length ofthe payload header 502. The length of the zero padding stream 504 may beequal to the length of the payload header 502 to ensure that when thegenerated CRC based on the soft combined decrypted data 412 is XORedwith the generated CRC based on the cipher stream 408, the payloadheader 502 is XORed with the zero padding stream 504. Performing an XORof the payload header 502 with the zero padding stream 504 will yieldthe payload header 502, and essentially mimics the header beingencrypted with a cipher stream of all zeros. This will assist inensuring that the calculated CRC 420 includes the correct headerinformation, so that when the calculated CRC 420 is checked against thereceived CRC, at 422, the calculated CRC 420 can be validated.Validating the calculated CRC 420 indicates that the soft combineddecrypted data 412 is correct, at which point, the receiving device maysend an ACK back to the transmitting device.

At least one advantage of the disclosure is that the linear propertiesof CRC allows the header to be appended to either the soft combineddecrypted data 412 or the cipher stream 408. For example, in someaspects, the header may be appended to the cipher stream 408 instead ofthe soft combined decrypted data 412. In such aspects, the header isprovided to the CRC generator 416 prior to the cipher stream 408, andthe zero padding stream is provided to the CRC generator 414 prior tothe soft combined decrypted data 412. Once the header has been fullyreceived by the CRC generator 416, the cipher stream 408 may be fed intothe CRC generator 416. In addition, once the zero padding stream hasbeen fully received by the CRC generator 414, the soft combineddecrypted data 412 may be fed into the CRC generator 414. Prefixing thesoft combined decrypted data 412 with the header before being fed intothe CRC generator 414, and similarly prefixing the cipher stream 408with the zero padding stream for the length equal to the header lengthprovides the header adjustment to ensure that the calculated CRC 420 canbe properly validated against the received CRC.

Referring back to FIG. 4, the CRC generator 414 outputs the generatedCRC based on soft combined decrypted data 412 into the XOR block 418,and the CRC generator 416 outputs the generated CRC based on the cipherstream 408 into the XOR block 418. The result of the XOR between thesetwo generated CRCs results in the calculated CRC 420. The XOR betweenthe CRC of the soft combined decrypted data 412 and the CRC of thecipher stream 408 produces the CRC of the encrypted data, as discussedabove. Since the encrypted data is the result of the unencrypted dataXOR with the cipher stream, then it follows that the CRC of theencrypted data is the result of the CRC of the decrypted data XOR withthe CRC of the cipher stream, where the CRC of the decrypted data iscalculated based on decrypted data (e.g., soft combined decrypted data412) which may be corrected decrypted data. Thus, XORing the CRC of thedecrypted data and the CRC of the cipher stream may be configured tovalidate the calculated CRC 420 with the CRC of the encrypted data 402.

The calculated CRC 420 is outputted to CRC check box 422, where thecalculated CRC 420 is compared against the received encrypted CRC (e.g.,first CRC) to determine if the calculated CRC 420 passes a CRC checkagainst the encrypted CRC. If the calculated CRC 420 passes a CRC checkagainst the encrypted CRC (e.g., both being the same), then theencrypted data has been successfully combined such that the receivingdevice sends an ACK to the transmitting device. However, if thecalculated CRC 420 is not the same as the encrypted CRC, then theencrypted data has not been successfully combined, and the receivingdevice may send a NACK to the transmitting device. At least oneadvantage of the disclosure is that the CRC of the soft combineddecrypted data 412 may be utilized to validate the calculated CRC 420without having to re-encrypt the data, which can enhance efficiency andreduce processing resources. At least another advantage of thedisclosure is that if the encrypted data is not successfully combinedand causes a NACK to be sent to the transmitting device, and anotherdata packet being sent to the receiving device, the non-successfullycombined data can be utilized by the RTSC block 410 to assist ingenerating the soft combined decrypted data 412. As discussed above, thedecrypted data 406 may be soft combined with the decrypted set ofpayloads at the RTSC block 410. In some aspects, the decrypted set ofpayloads may be encrypted based on at least one nonce that is differentthan the first nonce used to encrypt the first PDU. However, in someaspects, the decrypted set of payloads may be encrypted based on a noncethat is the same as the first nonce. While in some aspects, thedecrypted set of payloads may be previously received data packets.

FIG. 6 illustrates a block diagram 600 illustrating an aspect of a softcombining operation in accordance with certain aspects of the presentdisclosure. The aspect of FIG. 6 leverages the Advanced EncryptionStandard (AES) encryption property that if some bits of an encryptedpacket got flipped due to over-the-air corruption and if the corruptedpacket is decrypted with the correct cipher stream, then the decryptedpacket will have the same erroneous bits as the corrupted encryptedpacket.

The soft combing operation of FIG. 6 may occur in communications betweena first device and a second device in a WPAN in accordance with certainaspects of the disclosure. The first device may correspond to, e.g.,central device 102, peripheral device 104, 106, 108, 110, 112, 114,wireless device 200, the apparatus 902/902′, or the mesh node 950. Thesecond device may correspond to, e.g., central device 102, peripheraldevice 104, 106, 108, 110, 112, 114, wireless device 200, the apparatus902/902′, or the mesh node 950.

With reference to FIG. 6, the first device (e.g., transmitting device)may transmit encrypted data 602 to the second device (e.g., receivingdevice). The encrypted data 602 may be similar to encrypted data 402 ofFIG. 4. The encrypted data 602 may include a first PDU and a first CRCthat was calculated based on the encrypted first PDU. In some aspects,the first PDU may be encrypted based on a first nonce. The second devicereceives the encrypted data 602 and the encrypted data 602 is providedto the decryption block 604. The decryption block 604 may be configuredin a manner similar to the decryption block 404 of FIG. 4. Thedecryption block 604 decrypts the encrypted data 602 (e.g., first PDU)and outputs decrypted data 606 (e.g., first payload).

The decryption block 604 outputs the decrypted data 606 to a RTSC block608. In some aspects, the decryption block 604 may be configured toprovide the decrypted data 606 to the RTSC block 608 in a packet of 128bits. The RTSC block 608 may be configured in a manner similar to theRTSC block 410. In some aspects, the decrypted data 606 may be softcombined with a decrypted set of payloads at the RSTC block 608. In someaspects, the set of payloads have been encrypted based on at least onenonce that is different than the first nonce. However, in some aspects,the set of payload may be encrypted based on a nonce that is the same asthe first nonce. In some aspects, the decrypted set of payloads may bepreviously received data packets that may be stored within the RTSCblock 608 or may be stored in a memory that is external to the RTSCblock 608. For example, the receiving device may receive a set of PDUs,prior to receiving the encrypted data 602, and may attempt to decrypteach PDU in the set of PDUs after the PDU is received to obtain acorresponding decrypted payload of the decrypted set of payloads. Thereceiving device may be configured to transmit a NACK in the event thatthe receiving device fails to properly validate a received CRC, based onthe encrypted data, against a calculated CRC, based on the soft combineddata. The transmission of the NACK from the receiving device to thetransmitting device may indicate that the PDU was improperly received.In response to the NACK, the transmitting device sends another PDU tothe receiving device. In some aspects, the retransmitted PDU may be thefirst PDU from the encrypted data 602.

The RTSC block 608 may be configured to soft combine the decrypted data606 with the decrypted set of payload in order to reconstruct the dataand generate an error bitmap 610. In some aspects, additionalinformation may be soft combined with the decrypted data 606, such asbut not limited to, previous corrupted receptions of the same packetand/or soft bit information from modem. The RTSC block 608 will outputthe reconstructed decrypted data along with the error bitmap 610 whichmay be a list of the bits which were erroneous e.g., bits that gotflipped due to over-the-air corruption. In some aspects, thereconstructed data and/or the erroneous bitmap may be 128 bits long. Theerror bitmap may be arranged to track which bits may have flipped or areerroneous when the RTSC block 608 is soft combining the decrypted data606.

The RSTC block 608 outputs the error bitmap 610 to the XOR block 612.The XOR block 612 also receives an input of the encrypted data 602. TheXOR block 612 XORs the encrypted data 602 (e.g., first PDU) with thegenerated error bitmap 610 to obtain a soft combined encrypted data 614.A CRC is generated based on the soft combined encrypted data 614 and isthen submitted to Check CRC box 616. The Check CRC box 616 determineswhether the CRC generated based on the soft combined encrypted data 614passes a CRC check against the first CRC of the encrypted data 602. Ifthe CRCs match then the data after the soft combining is valid, and thereceiving device sends an ACK to the transmitting device, indicatingthat the packet has been properly received. However, if the CRC based onthe soft combined encrypted data 614 does not pass the CRC check atCheck CRC box 616, then the soft combined encrypted data 614 has notbeen successfully combined, and the receiving device may send a NACK tothe transmitting device. At least one advantage of the disclosure isthat the aspect of FIG. 6 generates a CRC based on the soft combinedencrypted data 614, which is consistent with the BLE requirements. Yetanother advantage of the disclosure is that the aspect of FIG. 6 yieldsthe same results as the aspect of FIG. 4, because it is mathematicallyequivalent to the aspect of FIG. 4.

FIG. 7 illustrates a block diagram 700 illustrating an aspect of amessage integrity check (MIC) calculation operation in accordance withcertain aspects of the present disclosure. A MIC includes informationthat may be used to authenticate a data packet. The MIC may be used bythe receiving device to confirm that the received data came from astated transmitting device (e.g., data packet authenticity), and toconfirm that a payload has not been changed (e.g., data packetintegrity). The MIC protects both payload integrity and the authenticityof the data packet by enabling a receiving device to detect any changesto the payload. The block diagram 700 is similar, in part, to the blockdiagram 400 of FIG. 4, and has many similar components that operate in amanner similar to the corresponding components of FIG. 4, such as butnot limited to an RTSC block, a CRC generator that generates a CRC basedon soft combined decrypted data, a CRC generator that generates a CRCbased on the cipher stream, and that a calculated CRC is checked againstthe received CRC. However, the block diagram 700 may be configured tocalculate the MIC based on the decrypted data and is validated againstthe received MIC included in the encrypted data 702. A discussion of thesimilar components of block diagrams 400 and 700 is not included hereinin an effort to reduce duplicative work. The discussion of FIG. 7 willbe directed towards the additional components and/or features that arenot present in the diagram 400 of FIG. 4.

As shown in FIG. 7, the transmitting device transmits the encrypted data702 to the receiving device. The encrypted data 702 is provided to thedecryption block 704. The decryption block 704 may be configured togenerate the decrypted data 710 from the encrypted data 702. In someaspects, the decryption block 704 may comprise an AES decryption block706 that generates the decrypted data 710 from the encrypted data 702.The AES decryption block 706 receives the encrypted data 702 andgenerates the decrypted data 710, which is outputted from the decryptionblock 704 into the RTSC block 714. The disclosure is not intended to belimited to a decryption block comprising the AES decryption block. Insome aspects, the decryption block 704 may be comprised of manydifferent known encryption/decryption blocks. The RTSC block 714 may beconfigured in a manner similar to the RTSC block 410 of FIG. 4. The RTSCblock 714 receives the decrypted data 710 and may be soft combined witha decrypted set of payloads at the RTSC block 714, in a manner similarto the RTSC block 410. The decrypted set of payloads may be encryptedbased on at least one nonce that is different than the first nonce usedto encrypt the first PDU. However, in some aspects, the set of payloadmay be encrypted based on a nonce that is the same as the first nonce.The decrypted set of payloads may be previously received data packetsthat may be stored within the RTSC block 714 or may be stored in amemory that is external to the RTSC block 714. For example, thereceiving device may receive a set of PDUs, prior to receiving theencrypted data 702, and may attempt to decrypt each PDU in the set ofPDUs after the PDU is received to obtain a corresponding decryptedpayload of the decrypted set of payloads.

The RTSC block 714 may be configured to soft combine the decrypted data710 with previously received data in an effort to correct previouscorrupt reception or improper reception of the same packet, similarly asdiscussed above for RTSC block 410. The RTSC block 714 generatesreconstructed data (e.g., soft combined decrypted data 716) and outputthe soft combined decrypted data 716 to the CRC generator 718, also in amanner similar to the RTSC block 410. However, the RTSC block 714further outputs the soft combined decrypted data 716 back to thedecryption block 704 to calculate the MIC. In some aspects, thedecryption block 704 may further comprise an AES MIC calculation block708 for MIC calculation. The AES MIC calculation block 708 generates acalculated MIC 728 based on the corrected data (e.g., soft combineddecrypted data 716). The disclosure is not intended to be limited to aMIC calculation block comprising the AES MIC calculation block 708. Insome aspects, the MIC calculation block may be comprised of manydifferent known MIC calculation blocks. At block 730, the calculated MIC728 is checked against the received MIC from within the encrypted data702. If the calculated MIC 728 is the same as the received MIC from theencrypted data 702, then the soft combined decrypted data 716 isvalidated as being correct, such that the contents of the packet havenot changed in the transmission from the transmitting device to thereceiving device. However, if the calculated MIC 728 is not the same asthe received MIC, then the soft combined decrypted data 716 may not beproperly corrected by the RTSC block 714 and the calculated MIC 728fails. In some aspects, if the calculated MIC fails, then something mayhave occurred with the link between the transmitting device and thereceiving device resulting in one or more bits getting flipped.

The calculated MIC 728 may be configured to be validated in instanceswhen the calculated CRC passes the CRC check against the CRC receivedfrom the transmitting device. Validating the calculated MIC 728 when thecalculated CRC passes the CRC check ensures that the calculated MIC 728is calculated based on corrected data (e.g., soft combined decrypteddata) generated by the RTSC block. Thus, validating the calculated MIC728 occurs after the calculated CRC has been validated.

FIG. 8 illustrates a block diagram 800 illustrating an aspect of a MICcalculation operation in accordance with certain aspects of the presentdisclosure. The block diagram 800 is similar, in part, to the blockdiagram 600 of FIG. 6, and has many similar components that operate in amanner similar to the corresponding components of FIG. 6, such as butnot limited to an RTSC block that generates an error bitmap, an XORblock that XORs encrypted data and the error bitmap to generate acalculated CRC. The block diagram 800 may be configured to calculate theMIC based on the decrypted data, similarly as the diagram 700 of FIG. 7,and is validated against the received MIC included in the encrypted data802. A discussion of the similar components of block diagrams 600 and800 is not included herein in an effort to reduce duplicative work. Thediscussion of FIG. 8 may be directed towards the additional componentsand/or features that are not present in the diagram 600.

As shown in FIG. 8, the transmitting device transmits the encrypted data802 to the receiving device. The encrypted data 802 is provided to thedecryption block 804. The decryption block 804 may be configured togenerate the decrypted data 810 from the encrypted data 802. In someaspects, the decryption block 804 comprises an AES decryption block 806that generates the decrypted data 810 from the encrypted data 802. TheAES decryption block 806 receives the encrypted data 802 and generatesthe decrypted data 810, which is outputted from the decryption block 804into the RTSC block 812. The disclosure is not intended to be limited toa decryption block comprising the AES decryption block. In some aspects,the decryption block 804 may be comprised of many different knownencryption/decryption blocks. The RTSC block 812 may be configured in amanner similar to the RTSC block 608 of FIG. 6. The RTSC block 812receives the decrypted data 810 and generates an error bitmap 814 thatis provided to the XOR block 818 which generates a calculated CRC 820based on the XOR of the error bitmap 814 and the encrypted data 802.

The RSTC block 812 may be further configured to generate a soft combineddecrypted data stream 816 that is fed back into the decryption block 804to calculate the MIC. In some aspects, the decryption block 804 mayfurther comprise an AES MIC calculation block 808 for MIC calculation.The AES MIC calculation block 808 generates a calculated MIC 824 basedon the corrected data (e.g., soft combined decrypted data 816). Thedisclosure is not intended to be limited to a MIC calculation blockcomprising the AES MIC calculation block 808. In some aspects, the MICcalculation block may be comprised of many different known MICcalculation blocks. At block 826, the calculated MIC 824 is checkedagainst the received MIC from within the encrypted data 802. If thecalculated MIC 824 is the same as the received MIC from the encrypteddata 802, then the soft combined decrypted data 816 is validated asbeing correct, such that the contents of the packet have not changed inthe transmission from the transmitting device to the receiving device.However, if the calculated MIC 824 is not the same as the received MIC,then the soft combined decrypted data 816 may not be properly correctedby the RTSC block 812 and the calculated MIC 824 fails. As in thediagram 700 of FIG. 7, the calculated MIC 824 may be configured to bevalidated in instances when the calculated CRC passes the CRC checkagainst the CRC received from the transmitting device. Validating thecalculated MIC 824 when the calculated CRC passes the CRC check assistsin ensuring that the calculated MIC 824 is calculated based on thecorrected data (e.g., soft combined decrypted data 816) generated by theRTSC block. As such, validation of the calculated MIC 824 occurs afterthe calculated CRC has been first validated.

FIG. 9 is a flowchart 900 of a method of wireless communication. Themethod may be performed by a first device (e.g., the central device 102,peripheral device 104, 106, 108, 110, 112, 114, wireless device 200, theapparatus 1002/1002′) in communication with a second device (e.g.,central device 102, peripheral device 104, 106, 108, 110, 112, 114,wireless device 200). In FIG. 9, optional operations are indicated withdashed lines.

Referring to FIG. 9, at 901, the first device may receive a set of PDUs,as discussed in reference to FIGS. 4, 5, and 7. At 903, the first devicemay decrypt, at decryption block 404, 704, each PDU in the set of PDUsafter the PDU is received to obtain a corresponding decrypted payload ofthe decrypted set of payloads, as discussed in reference to FIGS. 4, 5,and 7. At 905, the first device may be configured to send a NACK afterfailing to properly validate a received CRC, based on the encrypteddata, against a calculated CRC, based on the soft combined data. In suchaspects, the first device sending the NACK may indicate that the PDU wasimproperly received by the first device. In some aspects, a first PDU(e.g., encrypted data 402, 702) may be received based on the sent NACK.

At 902, the first device may receive the first PDU (e.g., encrypted data402, 702) and a first CRC that is based on the first PDU. In someaspects, as discussed in reference to FIGS. 4, 5 and 7, the first PDU(e.g., encrypted data 402, 702) may be encrypted based on a first nonce.

At 904, the first device may decrypt, at decryption block 404, 704, thefirst PDU (e.g., encrypted data 402, 702) to obtain a first payload(e.g., decrypted data 406, 710) and a first cipher stream (e.g., cipherstream 408, 712). For example, with reference to FIGS. 4, 5 and 7, thedecryption block 404, 704 receives the encrypted data 402, 702 andgenerates the decrypted data 406, 710 and a cipher stream 408, 712. At906, the first device may be configured to decrypt the first PDU, atdecryption block 704, to obtain a first message integrity check (MIC).

At 908, the first device may be configured to soft combine the decryptedfirst payload with a decrypted set of payloads. For example, the RTSCblock 410, 714 may be configured to real time soft combine the decrypteddata 406, 710 with a decrypted set of payloads. In some aspects, thedecrypted set of payloads may comprise previously received decrypteddata packets, as discussed above in reference to 903. In some aspects,the set of payload may have been encrypted based on at least one noncedifferent than the first nonce. However, in some aspects, the set ofpayload may be encrypted based on a nonce that is the same as the firstnonce. At 909, the first device may be configured to append a payloadheader (e.g., payload header 502) to the soft combined decryptedpayloads (e.g., soft combined decrypted data 412, 716) and zero padding(e.g., zero padding stream 504) the first cipher stream (e.g., cipherstream 408, 712) before generating a second CRC (e.g., calculated CRC420, 724).

At 910, the first device may be further configured to generate a secondMIC (e.g., calculated MIC 728 of FIG. 7) based on the soft combineddecrypted payloads (e.g., soft combined decrypted payloads 716).

At 912, the first device may be configured to generate a second CRC(e.g., calculated CRC 420, 724) based on the soft combined decryptedpayloads (e.g., soft combined decrypted payloads 412, 716) and based onthe first cipher stream (e.g., cipher stream 408, 712). In some aspects,for example at 913, to generate the second CRC (e.g., calculated CRC420, 724) the first device may be configured to generate a third CRC, atCRC generator 414, 718, based on the soft combined decrypted payloads(e.g., soft combined decrypted data 412, 716). In some aspects, forexample at 915, the first device may be further configured to generate afourth CRC, at CRC generator 416, 720, based on the first cipher stream(e.g., cipher stream 408, 712). In some aspects, for example at 917, thefirst device may be configured to XOR, at XOR 418, 722, the third CRCand the fourth CRC to obtain the second CRC (e.g., calculated CRC 420,724). In some aspects, the first device may be configured to append aheader (e.g., header payload 502) to the soft combined decryptedpayloads (e.g., soft combined decrypted data 412, 716) before generatingthe third CRC, at CRC generator 414, and zero padding (e.g., zeropadding stream 504) the first cipher stream (e.g., cipher stream 408,712) before generating the fourth CRC, at CRC generator 416, 720.

At 914, the first device may determine whether the generated second CRC(e.g., calculated CRC 420, 724) for the soft combined decrypted payloadspasses a CRC check (e.g., block 422, 726) against the first CRC. If thegenerated second CRC does not pass the CRC check, then at 918, a NACK issent by the first device to the second device, which results in aretransmission of the PDU and the process is repeated starting at 902.If the generated second CRC does pass the CRC check, then at 916, thefirst device may determine whether the generated second MIC (e.g.,calculated MIC 728) passes a MIC check (e.g., MIC check 730) against thefirst MIC. If the generated second MIC does not pass the MIC check, thenat 918, a NACK is sent by the first device to the second device, whichmay result in the retransmission of the PDU and the process is repeatedstarting at 902. If the generated second MIC does pass the MIC check,then at 920, the first device may transmit an ACK to the second device.The transmission of an ACK to the second device indicates that the PDUwas properly received, such that the soft combined decrypted data 412,716 was properly combined.

FIG. 10 is a conceptual data flow diagram 1000 illustrating the dataflow between different means/components in an exemplary apparatus 1002.The apparatus may be a first device (e.g., central device 102,peripheral device 104, 106, 108, 110, 112, 114, wireless device 200, theapparatus 1002′) in communication with a second device (e.g., centraldevice 102, peripheral device 104, 106, 108, 110, 112, 114, wirelessdevice 200). The apparatus may include a reception component 1004, adecryption component 1006, a first CRC generator component 1008, a softcombine component 1010, a decrypted payloads component 1012, a secondCRC generator component 1014, an XOR component 1016, a CRC checkcomponent 1018, and a broadcast component 1020.

The reception component 1004 may be configured to receive a first PDUand a first CRC that is based on the first PDU from the second device1050. In some aspects, the first PDU (e.g., encrypted data 402) may beencrypted based on a first nonce. In some aspects, the first device mayreceive a set of PDUs, and decrypt, at decryption block 404, each PDU inthe set of PDUs after the PDU is received to obtain a correspondingpayload of the decrypted set of payloads, as discussed in reference toFIGS. 4, 5 and 7. In some aspects, the first device may be configured tosend a NACK after failing to properly validate, at block 422, 726, areceived CRC, based on the encrypted data, against a calculated CRC,based on the soft combined data. In such aspects, the first devicesending the NACK may indicate that the PDU was improperly received bythe first device. In some aspects, the first PDU (e.g., encrypted data402, 702) may be received based on the sent NACK.

The decryption component 1006 may be configured to receive the encrypteddata 402, 702 (e.g., first PDU) from the reception component 1004 anddecrypt the first PDU to obtain a first payload and a first cipherstream. For example, with reference to FIG. 4, 5, and 7, the decryptionblock 404, 704 receives the encrypted data 402, 702 and generates thedecrypted data 406, 710 and a cipher stream 408, 712. In some aspects,the decryption component 1006 may be configured to decrypt the firstPDU, by decryption block 704, to obtain a first message integrity check(MIC). In some aspects, the decryption component 1006 may be configuredto generate a second MIC (e.g., calculated MIC 728 of FIG. 7) based onthe soft combined decrypted payloads (e.g., soft combined decryptedpayloads 716).

The first CRC generator component 1008 may be configured to receive thecipher stream 408, 712 from the decryption component 1006 and generate,at CRC generator 416, 720, a CRC based on the cipher stream 408, 712.The soft combine component 1010 may be configured to soft combine, atRTSC block 410, 714, the decrypted first payload (e.g., decrypted data406, 710) with a decrypted set of payloads. The decrypted payloadscomponent 1012 may be configured to store a set of payloads that havebeen encrypted based on at least one nonce different than the firstnonce and provide the set of payloads to the soft combine component1010. However, in some aspects, the set of payload may be encryptedbased on a nonce that is the same as the first nonce. In some aspects,the decrypted set of payloads may comprise previously received decrypteddata packets.

The second CRC generator component 1014 may be configured to receive thesoft combined decrypted data from the soft combine component andgenerate a CRC, at CRC generator 414, 718, based on the soft combineddecrypted data 412, 716. The XOR component 1016 may be configured toreceive the CRC generated by the first CRC generator component 1008 andthe CRC generated by the second CRC generator component 1014 to generatea second CRC (e.g., calculated CRC 420, 724) based on the soft combineddecrypted payloads (e.g., soft combined decrypted payloads 412, 716) andbased on the first cipher stream (e.g., cipher stream 408, 712). In someaspects, a payload header (e.g., payload header 502) may be appended tothe soft combined decrypted payloads (e.g., soft combined decrypted data412, 716) and zero padding (e.g., zero padding stream 504) may beappended to the first cipher stream (e.g., cipher stream 408, 712)before generating the second CRC (e.g., calculated CRC 420, 724).

The CRC check component 1018 may be configured to determine whether thegenerated second CRC (e.g., calculated CRC 420, 724) for the softcombined decrypted payloads passes a CRC check (e.g., block 422, 726)against the first CRC. The MIC check component 1020 may be configured todetermine whether the calculated MIC (e.g., calculated MIC 728) passes aMIC check (e.g., block 730) against the first MIC. The broadcastcomponent 1022 may be configured to transmit an ACK or a NACK to thesecond device 1050 based on whether the generated second CRC (e.g.,calculated CRC 420, 724) for the soft combined decrypted payloads passesa CRC check and/or whether the calculated MIC 728 passes a MIC checkagainst the MIC received with the encrypted data. For example, if thecalculated CRC 420, 724 passes the CRC check, then the broadcastcomponent 1022 may transmit an ACK to the second device 1050 indicatingthat the PDU was properly received. In other aspects, if the calculatedCRC 420 does not pass the CRC check, then the broadcast component 1022may transmit a NACK to the second device 1050 indicating that the PDUwas not properly received, and the second device 1050 retransmitsanother PDU. In some aspects, if the calculated MIC 728 does not passthe MIC check, then the broadcast component 1022 may transmit the NACKto the second device 1050, while in some aspects, if the calculated MIC728 does pass the MIC check, then the broadcast component 1022 maytransmit the ACK to the second device 1050 indicating that the PDU wasproperly received.

The apparatus may include additional components that perform each of theblocks of the algorithm in the aforementioned flowcharts of FIGS. 4, 5,and 7. As such, each block in the aforementioned flowcharts of FIGS. 4,5, and 7 may be performed by a component and the apparatus may includeone or more of those components. The components may be one or morehardware components specifically configured to carry out the statedprocesses/algorithm, implemented by a processor configured to performthe stated processes/algorithm, stored within a computer-readable mediumfor implementation by a processor, or some combination thereof.

FIG. 11 is a diagram 1100 illustrating an example of a hardwareimplementation for an apparatus 1002′ employing a processing system1114. The processing system 1114 may be implemented with a busarchitecture, represented generally by the bus 1124. The bus 1124 mayinclude any number of interconnecting buses and bridges depending on thespecific application of the processing system 1114 and the overalldesign constraints. The bus 1124 links together various circuitsincluding one or more processors and/or hardware components, representedby the processor 1104, the components 1004, 1006, 1008, 1010, 1012,1014, 1016, 1018, 1020, 1022 and the computer-readable medium/memory1106. The bus 1124 may also link various other circuits such as timingsources, peripherals, voltage regulators, and power management circuits,which are well known in the art, and therefore, will not be describedany further.

The processing system 1114 may be coupled to a transceiver 1110. Thetransceiver 1110 is coupled to one or more antennas 1120. Thetransceiver 1110 provides a means for communicating with various otherapparatus over a transmission medium. The transceiver 1110 receives asignal from the one or more antennas 1120, extracts information from thereceived signal, and provides the extracted information to theprocessing system 1114, specifically the reception component 1004. Inaddition, the transceiver 1110 receives information from the processingsystem 1114, specifically the broadcast component 1020, and based on thereceived information, generates a signal to be applied to the one ormore antennas 1120. The processing system 1114 includes a processor 1104coupled to a computer-readable medium/memory 1106. The processor 1104 isresponsible for general processing, including the execution of softwarestored on the computer-readable medium/memory 1106. The software, whenexecuted by the processor 1104, causes the processing system 1114 toperform the various functions described supra for any particularapparatus. The computer-readable medium/memory 1106 may also be used forstoring data that is manipulated by the processor 1104 when executingsoftware. The processing system 1114 further includes at least one ofthe components 1004, 1006, 1008, 1010, 1012, 1014, 1016, 1018, 1020, and1022. The components may be software components running in the processor1104, resident/stored in the computer readable medium/memory 1106, oneor more hardware components coupled to the processor 1104, or somecombination thereof.

In certain configurations, the apparatus 1002/1002′ for wirelesscommunication may include means for receiving a first packet data unit(PDU) and a first cyclic redundancy check (CRC) that is based on thefirst PDU, the first PDU being encrypted based on a first nonce, meansfor decrypting the first PDU to obtain a first payload and a firstcipher stream, means for soft combining the decrypted first payload witha decrypted set of payloads, the set of payloads having been encryptedbased on at least one nonce different than the first nonce, means forgenerating a second CRC based on the soft combined decrypted payloadsand based on the first cipher stream, means for determining whether thegenerated second CRC for the soft combined decrypted payloads passes aCRC check against the first CRC, means for receiving a set of PDUs,means for decrypting each PDU in the set of PDUs after the PDU isreceived to obtain a corresponding decrypted payload of the decryptedset of payloads, means for sending a negative ACK (NACK), after failingto properly validate a received CRC, based on the encrypted data,against a calculated CRC, based on the soft combined data, indicatingthat the PDU was improperly received, means for wherein the first PDU isreceived based on the sent NACK, means for appending a payload header tothe soft combined decrypted payloads and zero padding the first cipherstream before generating the second CRC, means for generating a thirdCRC based on the soft combined decrypted payloads, means for generatinga fourth CRC based on the first cipher stream, means for XORing thegenerated third CRC and the generated fourth CRC to obtain the secondCRC, means for appending a header to the soft combined decryptedpayloads before generating the third CRC, means for zero padding thefirst cipher stream before generating the fourth CRC, wherein the firstPDU is decrypted further to obtain a first message integrity check(MIC), further comprising means for generating a second MIC based on thesoft combined decrypted payloads, further comprising means fordetermining whether the generated second MIC passes a MIC check againstthe first MIC. The aforementioned means may be one or more of theaforementioned processor(s) 202, the short-range communicationscontroller 252, and/or radio 230 in FIG. 2, components of apparatus1002/1002′ configured to perform the functions recited by theaforementioned means.

FIG. 12 is a flowchart 1200 of a method of wireless communication. Themethod may be performed by a first device (e.g., the central device 102,peripheral device 104, 106, 108, 110, 112, 114, wireless device 200, theapparatus 1002/1002′) in communication with a second device (e.g.,central device 102, peripheral device 104, 106, 108, 110, 112, 114,wireless device 200). In FIG. 12, optional operations are indicated withdashed lines.

Referring to FIG. 12, at 1201, the first device may be configured toreceive a set of PDUs, as discussed in reference to FIGS. 6 and 8. At1203, the first device may decrypt, at decryption block 604, 804, eachPDU in the set of PDUs after the PDU is received to obtain acorresponding decrypted payload of the decrypted set of payloads, asdiscussed in reference to FIGS. 6 and 8. At 1205, the first device maybe configured to send a NACK after failing to properly validate areceived CRC, based on the encrypted data, against a calculated CRC,based on the soft combined data. In such aspects, the first devicesending the NACK may indicate that the PDU was improperly received bythe first device. In some aspects, a first PDU (e.g., encrypted data602, 802) may be received by the first device based on the sent NACK.

At 1202, the first device may receive a first PDU (e.g., encrypted data602, 802) and a first CRC that is based on the first PDU. In someaspects, as discussed in reference to FIGS. 6 and 8, the first PDU(e.g., encrypted data 602, 802) may be encrypted based on a first nonce.

At 1204, the first device may be configured to decrypt, at decryptionblock 604, 804, the first PDU (e.g., encrypted data 602, 802) to obtaina first payload (e.g., decrypted data 606, 810). For example, withreference to FIGS. 6 and 8, the decryption block 604, 804 receives theencrypted data 602, 802 and generates the decrypted data 606, 810. At1206, the first device may be configured to decrypt, at decryption block804, the first PDU (e.g., encrypted data 802) to obtain a first MIC.

At 1208, the first device may be configured to soft combine, at RTSCblock 608, 812, the decrypted first payload (e.g., decrypted data 606,810) with a decrypted set of payloads to obtain an error bitmap 610,814. In some aspects, the set of payloads have been encrypted based onat least one nonce different than the first nonce. However, in someaspects, the set of payloads may be encrypted based on a nonce that isthe same as the first nonce. At 1210, the first device may be configuredto generate a second MIC (e.g., calculated MIC 824) based on the softcombined decrypted payloads (e.g., soft combined decrypted data 816).For example, the decrypted data 810 is soft combined at the RTSC block812 and the soft combined decrypted data 816 is outputted back to thedecryption block 804, so that that decryption block 804 can furtherdecrypt the soft combined decrypted data 816 to obtain the second MIC(e.g., calculated MIC 824). In some aspects, the decryption block 804may comprise an AES block for MIC calculation 808, which receives thesoft combined decrypted data 816 and generates a calculated MIC 824based on the soft combined decrypted data 816.

At 1212, the first device may be configured to XOR, at XOR 612, 818, thereceived first PDU (e.g., encrypted data 602, 802) with the obtainederror bitmap 610, 814 to obtain a soft combined encrypted payload. At1214, the first device may be configured to generate a second CRC (e.g.,calculated CRC 820) based on the soft combined encrypted payload 614which is the result of the XOR of the received first PDU (e.g.,encrypted data 602, 802) and the obtained error bitmap 610, 814.

At 1216, the first device may determine whether the generated second CRC(e.g., calculated CRC 820) for the soft combined encrypted payload(e.g., soft combined encrypted data 614) passes a CRC check, at CRCcheck 616, 822, against the first CRC based on the encrypted data 602,802. If the generated second CRC does not pass the CRC check, the at1220, a NACK is sent by the first device to the second device, whichresults in a retransmission of the PDU, and the process is repeatedstarting at 1202. If the generated second CRC does pass the CRC check,then at 1218, the first device may determine whether the generatedsecond MIC (e.g., calculated MIC 824) passes a MIC check (e.g., MICcheck 826) against the first MIC. If the generated second MIC does notpass the MIC check, then at 1220, a NACK is sent by the first device tothe second device, which may result in the retransmission of the PDU andthe process is repeated starting at 1202. If the generated second MICdoes pass the MIC check, then at 1222, the first device may transmit anACK to the second device. The transmission of an ACK to the seconddevice indicates that the PDU was properly received, such that the softcombined decrypted data performed at RTSC block 608, 812, was properlycombined.

In yet some aspects, an ACK may be sent by the first device when boththe generated second CRC (e.g., calculated CRC 820) passes the CRC check616 against the first CRC and the generated second MIC (e.g., calculatedMIC 824) passes a MIC check 826 against the first MIC.

FIG. 13 is a conceptual data flow diagram 1300 illustrating the dataflow between different means/components in an exemplary apparatus 1302.The apparatus may be a first device (e.g., central device 102,peripheral device 104, 106, 108, 110, 112, 114, wireless device 200, theapparatus 1002′) in communication with a second device (e.g., centraldevice 102, peripheral device 104, 106, 108, 110, 112, 114, wirelessdevice 200). The apparatus includes a reception component 1304, adecryption component 1306, a soft combine component 1308, a decryptedpayloads component 1310, an XOR component 1312, a CRC generatorcomponent 1314, a CRC check component 1316, MIC check component 1318,and a broadcast component 1320.

The reception component 1304 may be configured to receive a first PDUand a first CRC that is based on the first PDU from the second device1350. In some aspects, the first PDU (e.g., encrypted data 602, 802) maybe encrypted based on a first nonce. In some aspects, the first devicemay receive a set of PDUs, and decrypt, at decryption block 604, 804,each PDU in the set of PDUs after the PDU is received to obtain acorresponding payload of the decrypted set of payloads, as discussed inreference to FIGS. 6, 8. In some aspects, the first device may beconfigured to send a NACK after failing to properly validate, at block616, 822 a received CRC, based on the encrypted data, against acalculated CRC, based on the soft combined data. In such aspects, thefirst device sending the NACK may indicate that the PDU (e.g., encrypteddata 602, 802) was improperly received by the first device. In someaspects, the first PDU (e.g., encrypted data 602, 802) may be receivedbased on the sent NACK.

The decryption component 1306 may be configured to receive the encrypteddata (e.g., first PDU) from the reception component 1304 and decrypt, atdecryption block 604, 804, the first PDU to obtain a first payload(e.g., decrypted data 606, 810). In some aspects, the first PDU may bedecrypted further, at decryption block 804, to obtain a first MICcorresponding to the first PDU (e.g., encrypted data 602, 802).

The soft combine component 1308 may be configured to soft combine, atRTSC block 612, 812, the decrypted first payload (e.g., decrypted data606, 810) with a decrypted set of payloads to obtain an error bitmap814. In some aspects, the set of payloads have been encrypted based onat least one nonce different than the first nonce. However, in someaspects, the set of payload may be encrypted based on a nonce that isthe same as the first nonce. The MIC generator component 1318 may beconfigured to generate a second MIC (e.g., calculated MIC 824) based onthe soft combined decrypted payloads (e.g., soft combined decrypted data816). For example, the decrypted data 810 is soft combined at the RTSCblock 812 and the soft combined decrypted data 816 is outputted back tothe decryption block 804, so that that decryption block 804 can furtherdecrypt the soft combined decrypted data 816 to obtain the second MIC(e.g., calculated MIC 824). In some aspects, the decryption block 804comprises an AES block for MIC calculation 808, which receives the softcombined decrypted data 816 and generates a calculated MIC 824 based onthe soft combined decrypted data 816.

The XOR component 1312 may be configured to receive the error bitmap 814from the soft combine component 1308 and receive the encrypted data 802to perform an XOR operation between the error bitmap 814 and theencrypted data 802 to obtain a soft combined encrypted payload (e.g.,soft combined encrypted data 614). The CRC generator component 1314 mayreceive the soft combined encrypted data from the XOR component 1312 inorder to generate a second CRC (e.g., calculated CRC 820) based on thesoft combined encrypted payload 614. The CRC check component 1316 may beconfigured to determine whether the generated second CRC (e.g.,calculated CRC 820) for the soft combined encrypted payload (e.g., softcombined encrypted data 614) passes a CRC check, at CRC check 616,against the first CRC based on the encrypted data 602. The MIC checkcomponent 1320 may be configured to determine whether the generated MIC(e.g., calculated MIC 824) passes a MIC check (e.g., block 826) againstthe first MIC based on the encrypted data. The broadcast component 1322may be configured to transmit an ACK when both the generated CRC (e.g.,calculated CRC 820) passes the CRC check 822 against the first CRC basedon the first PDU, and when the generated second MIC (e.g., calculatedMIC 824) passes the MIC check 826 against the first MIC based on thefirst PDU. If the generated second CRC does not pass the CRC check thenthe broadcast component 1322 may transmit a NACK to the second device,which may result in a retransmission of the PDU. If the generated secondCRC does pass the CRC check, then the MIC check component 1320 maydetermine whether the generated second MIC (e.g., calculated MIC 824)passes the MIC check (e.g., MIC check 826) against the first MIC. If thegenerated second MIC does not pass the MIC check, then the broadcastcomponent 1322 may send NACK to the second device, which may result inthe retransmission of the PDU. If the generated second MIC does pass theMIC check, then the broadcast component 1322 may transmit an ACK to thesecond device 1350. The transmission of an ACK to the second device 1350indicates that the PDU was properly received, such that the softcombined decrypted data performed at RTSC block 608, 812, was properlycombined.

The apparatus may include additional components that perform each of theblocks of the algorithm in the aforementioned flowcharts of FIGS. 6 and8. As such, each block in the aforementioned flowcharts of FIGS. 6 and 8may be performed by a component and the apparatus may include one ormore of those components. The components may be one or more hardwarecomponents specifically configured to carry out the statedprocesses/algorithm, implemented by a processor configured to performthe stated processes/algorithm, stored within a computer-readable mediumfor implementation by a processor, or some combination thereof.

FIG. 14 is a diagram 1400 illustrating an example of a hardwareimplementation for an apparatus 1302′ employing a processing system1414. The processing system 1414 may be implemented with a busarchitecture, represented generally by the bus 1424. The bus 1424 mayinclude any number of interconnecting buses and bridges depending on thespecific application of the processing system 1414 and the overalldesign constraints. The bus 1424 links together various circuitsincluding one or more processors and/or hardware components, representedby the processor 1404, the components 1304, 1306, 1308, 1310, 1312,1314, 1316, 1318 and the computer-readable medium/memory 1406. The bus1424 may also link various other circuits such as timing sources,peripherals, voltage regulators, and power management circuits, whichare well known in the art, and therefore, will not be described anyfurther.

The processing system 1414 may be coupled to a transceiver 1410. Thetransceiver 1410 is coupled to one or more antennas 1420. Thetransceiver 1410 provides a means for communicating with various otherapparatus over a transmission medium. The transceiver 1410 receives asignal from the one or more antennas 1420, extracts information from thereceived signal, and provides the extracted information to theprocessing system 1414, specifically the reception component 1304. Inaddition, the transceiver 1410 receives information from the processingsystem 1414, specifically the broadcast component 1320, and based on thereceived information, generates a signal to be applied to the one ormore antennas 1420. The processing system 1414 includes a processor 1404coupled to a computer-readable medium/memory 1406. The processor 1404 isresponsible for general processing, including the execution of softwarestored on the computer-readable medium/memory 1406. The software, whenexecuted by the processor 1404, causes the processing system 1414 toperform the various functions described supra for any particularapparatus. The computer-readable medium/memory 1406 may also be used forstoring data that is manipulated by the processor 1404 when executingsoftware. The processing system 1414 further includes at least one ofthe components 1304, 1306, 1308, 1310, 1312, 1314, 1316, 1318, 1320, and1322. The components may be software components running in the processor1404, resident/stored in the computer readable medium/memory 1406, oneor more hardware components coupled to the processor 1404, or somecombination thereof.

In certain configurations, the apparatus 1302/1302′ for wirelesscommunication may include means for receiving a first packet data unit(PDU) and a first cyclic redundancy check (CRC) that is based on thefirst PDU, the first PDU being encrypted based on a first nonce, meansfor decrypting the first PDU to obtain a first payload, means forobtaining an error bitmap by soft combining the decrypted first payloadwith a decrypted set of payloads, the set of payloads having beenencrypted based on at least one nonce different than the first nonce,means for XORing the received first PDU with the obtained error bitmapto obtain a soft combined encrypted payload, means for generating asecond CRC based on the soft combined encrypted payload, means fordetermining whether the generated second CRC for the soft combinedencrypted payload passes a CRC check against the first CRC, means forreceiving a set of PDUs, means for decrypting each PDU in the set ofPDUs after the PDU is received to obtain a corresponding decryptedpayload of the decrypted set of payloads, means for sending a negativeACK (NACK), after failing to properly validate a received CRC, based onthe encrypted data, against a calculated CRC, based on the soft combineddata, indicating that the PDU was improperly received, wherein the firstPDU is received based on the sent NACK, wherein the first PDU isdecrypted further to obtain a first message integrity check (MIC),further comprising means for generating a second MIC based on the softcombined decrypted payloads, wherein the ACK is sent when both thegenerated second CRC passes the CRC check against the first CRC and thegenerated second MIC passes a MIC check against the first MIC. Theaforementioned means may be one or more of the aforementionedprocessor(s) 202, the short-range communications controller 252, and/orradio 230 in FIG. 2, components of apparatus 1002/1002′ configured toperform the functions recited by the aforementioned means.

Although the present disclosure discusses the scheme of validating thecombination of decrypted data packets in relation to BLE technologies,it is understood that such scheme may also be applicable to BTtechnologies. In addition, the scheme may be applied to 802.15.4 basedprotocols, such as Zigbee, or any other wireless protocol wherein apacket and its retransmitted packets may be sent using differentencryption parameters.

It is understood that the specific order or hierarchy of blocks in theprocesses/flowcharts disclosed is an illustration of exemplaryapproaches. Based upon design preferences, it is understood that thespecific order or hierarchy of blocks in the processes/flowcharts may berearranged. Further, some blocks may be combined or omitted. Theaccompanying method claims present elements of the various blocks in asample order, and are not meant to be limited to the specific order orhierarchy presented.

The previous description is provided to enable any person skilled in theart to practice the various aspects described herein. Variousmodifications to these aspects will be readily apparent to those skilledin the art, and the generic principles defined herein may be applied toother aspects. Thus, the claims are not intended to be limited to theaspects shown herein, but is to be accorded the full scope consistentwith the language claims, wherein reference to an element in thesingular is not intended to mean “one and only one” unless specificallyso stated, but rather “one or more.” The word “exemplary” is used hereinto mean “serving as an example, instance, or illustration.” Any aspectdescribed herein as “exemplary” is not necessarily to be construed aspreferred or advantageous over other aspects. Unless specifically statedotherwise, the term “some” refers to one or more. Combinations such as“at least one of A, B, or C,” “one or more of A, B, or C,” “at least oneof A, B, and C,” “one or more of A, B, and C,” and “A, B, C, or anycombination thereof” include any combination of A, B, and/or C, and mayinclude multiples of A, multiples of B, or multiples of C. Specifically,combinations such as “at least one of A, B, or C,” “one or more of A, B,or C,” “at least one of A, B, and C,” “one or more of A, B, and C,” and“A, B, C, or any combination thereof” may be A only, B only, C only, Aand B, A and C, B and C, or A and B and C, where any such combinationsmay contain one or more member or members of A, B, or C. All structuraland functional equivalents to the elements of the various aspectsdescribed throughout this disclosure that are known or later come to beknown to those of ordinary skill in the art are expressly incorporatedherein by reference and are intended to be encompassed by the claims.Moreover, nothing disclosed herein is intended to be dedicated to thepublic regardless of whether such disclosure is explicitly recited inthe claims. The words “module,” “mechanism,” “element,” “device,” andthe like may not be a substitute for the word “means.” As such, no claimelement is to be construed as a means plus function unless the elementis expressly recited using the phrase “means for.”

What is claimed is:
 1. A method of wireless communication, comprising:receiving a first packet data unit (PDU) and a first cyclic redundancycheck (CRC) that is based on the first PDU, the first PDU beingencrypted based on a first nonce; decrypting the first PDU to obtain afirst payload and a first cipher stream; soft combining the decryptedfirst payload with a decrypted set of payloads, the set of payloadshaving been encrypted based on at least one nonce different than thefirst nonce; generating a second CRC based on the soft combineddecrypted payloads and based on the first cipher stream; and determiningwhether the generated second CRC for the soft combined decryptedpayloads passes a CRC check against the first CRC.
 2. The method ofclaim 1, further comprising: receiving a set of PDUs; decrypting eachPDU in the set of PDUs after the PDU is received to obtain acorresponding decrypted payload of the decrypted set of payloads; andsending a negative ACK (NACK), after failing to properly validate areceived CRC against a calculated CRC, indicating that the PDU wasimproperly received, wherein the first PDU is received based on the sentNACK.
 3. The method of claim 1, further comprising appending a payloadheader to the soft combined decrypted payloads and zero padding thefirst cipher stream before generating the second CRC.
 4. The method ofclaim 1, wherein the second CRC is generated by: generating a third CRCbased on the soft combined decrypted payloads; generating a fourth CRCbased on the first cipher stream; and XORing the generated third CRC andthe generated fourth CRC to obtain the second CRC.
 5. The method ofclaim 4, further comprising: appending a header to the soft combineddecrypted payloads before generating the third CRC; and zero padding thefirst cipher stream before generating the fourth CRC.
 6. The method ofclaim 1, wherein a message integrity check (MIC) portion of the firstPDU is decrypted to obtain a first MIC, the method further comprisinggenerating a second MIC based on the soft combined decrypted payloads,the method further comprising determining whether the generated secondMIC passes a MIC check against the first MIC.
 7. A method of wirelesscommunication, comprising: receiving a first packet data unit (PDU) anda first cyclic redundancy check (CRC) that is based on the first PDU,the first PDU being encrypted based on a first nonce; decrypting thefirst PDU to obtain a first payload; obtaining an error bitmap by softcombining the decrypted first payload with a decrypted set of payloads,the set of payloads having been encrypted based on at least one noncedifferent than the first nonce; XORing the received first PDU with theobtained error bitmap to obtain a soft combined encrypted payload;generating a second CRC based on the soft combined encrypted payload;and determining whether the generated second CRC for the soft combinedencrypted payload passes a CRC check against the first CRC.
 8. Themethod of claim 7, further comprising: receiving a set of PDUs;decrypting each PDU in the set of PDUs after the PDU is received toobtain a corresponding decrypted payload of the decrypted set ofpayloads; and sending a negative ACK (NACK), after failing to properlyvalidate a received CRC against a calculated CRC, indicating that thePDU was improperly received, wherein the first PDU is received based onthe sent NACK.
 9. The method of claim 7, wherein a message integritycheck (MIC) portion of the first PDU is decrypted to obtain a first MIC,the method further comprising generating a second MIC based on the softcombined decrypted payloads, wherein the ACK is sent when both thegenerated second CRC passes the CRC check against the first CRC and thegenerated second MIC passes a MIC check against the first MIC.
 10. Anapparatus for wireless communication, comprising: means for receiving afirst packet data unit (PDU) and a first cyclic redundancy check (CRC)that is based on the first PDU, the first PDU being encrypted based on afirst nonce; means for decrypting the first PDU to obtain a firstpayload and a first cipher stream; means for soft combining thedecrypted first payload with a decrypted set of payloads, the set ofpayloads having been encrypted based on at least one nonce differentthan the first nonce; means for generating a second CRC based on thesoft combined decrypted payloads and based on the first cipher stream;and means for determining whether the generated second CRC for the softcombined decrypted payloads passes a CRC check against the first CRC.11. The apparatus of claim 10, further comprising: means for receiving aset of PDUs; means for decrypting each PDU in the set of PDUs after thePDU is received to obtain a corresponding decrypted payload of thedecrypted set of payloads; and means for sending a negative ACK (NACK),after failing to properly validate a received CRC against a calculatedCRC, indicating that the PDU was improperly received, means for whereinthe first PDU is received based on the sent NACK.
 12. The apparatus ofclaim 10, further comprising means for appending a payload header to thesoft combined decrypted payloads and zero padding the first cipherstream before generating the second CRC.
 13. The apparatus of claim 10,further comprising: means for generating a third CRC based on the softcombined decrypted payloads; means for generating a fourth CRC based onthe first cipher stream; and means for XORing the generated third CRCand the generated fourth CRC to obtain the second CRC.
 14. The apparatusof claim 13, further comprising: means for appending a header to thesoft combined decrypted payloads before generating the third CRC; andmeans for zero padding the first cipher stream before generating thefourth CRC.
 15. The apparatus of claim 10, wherein a message integritycheck (MIC) portion of the first PDU is decrypted to obtain a first MIC,further comprising means for generating a second MIC based on the softcombined decrypted payloads, the method further comprising means fordetermining whether the generated second MIC passes a MIC check againstthe first MIC.
 16. An apparatus for wireless communication, comprising:means for receiving a first packet data unit (PDU) and a first cyclicredundancy check (CRC) that is based on the first PDU, the first PDUbeing encrypted based on a first nonce; means for decrypting the firstPDU to obtain a first payload; means for obtaining an error bitmap bysoft combining the decrypted first payload with a decrypted set ofpayloads, the set of payloads having been encrypted based on at leastone nonce different than the first nonce; means for XORing the receivedfirst PDU with the obtained error bitmap to obtain a soft combinedencrypted payload; means for generating a second CRC based on the softcombined encrypted payload; and means for determining whether thegenerated second CRC for the soft combined encrypted payload passes aCRC check against the first CRC.
 17. The apparatus of claim 16, furthercomprising: means for receiving a set of PDUs; means for decrypting eachPDU in the set of PDUs after the PDU is received to obtain acorresponding decrypted payload of the decrypted set of payloads; andmeans for sending a negative ACK (NACK), after failing to properlyvalidate a received CRC against a calculated CRC, indicating that thePDU was improperly received, wherein the first PDU is received based onthe sent NACK.
 18. The apparatus of claim 16, wherein a messageintegrity check (MIC) portion of the first PDU is decrypted to obtain afirst MIC, further comprising means for generating a second MIC based onthe soft combined decrypted payloads, wherein the ACK is sent when boththe generated second CRC passes the CRC check against the first CRC andthe generated second MIC passes a MIC check against the first MIC. 19.An apparatus for wireless communication, comprising: a memory; and atleast one processor coupled to the memory and configured to: receive afirst packet data unit (PDU) and a first cyclic redundancy check (CRC)that is based on the first PDU, the first PDU being encrypted based on afirst nonce; decrypt the first PDU to obtain a first payload and a firstcipher stream; soft combine the decrypted first payload with a decryptedset of payloads, the set of payloads having been encrypted based on atleast one nonce different than the first nonce; generate a second CRCbased on the soft combined decrypted payloads and based on the firstcipher stream; and determine whether the generated second CRC for thesoft combined decrypted payloads passes a CRC check against the firstCRC.
 20. The apparatus of claim 19, wherein the at least one processoris further configured to: receive a set of PDUs; decrypt each PDU in theset of PDUs after the PDU is received to obtain a correspondingdecrypted payload of the decrypted set of payloads; and send a negativeACK (NACK), after failing to properly validate a received CRC against acalculated CRC, indicating that the PDU was improperly received, whereinthe first PDU is received based on the sent NACK.
 21. The apparatus ofclaim 19, wherein the at least one processor is further configured toappend a payload header to the soft combined decrypted payloads and zeropadding the first cipher stream before generating the second CRC. 22.The apparatus of claim 19, wherein to generate the second CRC the atleast one processor is configured to: generate a third CRC based on thesoft combined decrypted payloads; generate a fourth CRC based on thefirst cipher stream; and XOR the generated third CRC and the generatedfourth CRC to obtain the second CRC.
 23. The apparatus of claim 22,wherein the at least one processor is further configured to: append aheader to the soft combined decrypted payloads before generating thethird CRC; and zero pad the first cipher stream before generating thefourth CRC.
 24. The apparatus of claim 19, wherein a message integritycheck (MIC) portion of the first PDU is decrypted to obtain a first MIC,the method further comprising generating a second MIC based on the softcombined decrypted payloads, the method further comprising determiningwhether the generated second MIC passes a MIC check against the firstMIC.
 25. An apparatus for wireless communication, comprising: a memory;and at least one processor coupled to the memory and configured to:receive a first packet data unit (PDU) and a first cyclic redundancycheck (CRC) that is based on the first PDU, the first PDU beingencrypted based on a first nonce; decrypt the first PDU to obtain afirst payload; obtain an error bitmap by soft combining the decryptedfirst payload with a decrypted set of payloads, the set of payloadshaving been encrypted based on at least one nonce different than thefirst nonce; XOR the received first PDU with the obtained error bitmapto obtain a soft combined encrypted payload; generate a second CRC basedon the soft combined encrypted payload; and determine whether thegenerated second CRC for the soft combined encrypted payload passes aCRC check against the first CRC.
 26. The apparatus of claim 25, whereinthe at least one processor is further configured to: receive a set ofPDUs; decrypt each PDU in the set of PDUs after the PDU is received toobtain a corresponding decrypted payload of the decrypted set ofpayloads; and send a negative ACK (NACK), after failing to properlyvalidate a received CRC against a calculated CRC, indicating that thePDU was improperly received, wherein the first PDU is received based onthe sent NACK.
 27. The apparatus of claim 25, wherein a messageintegrity check (MIC) portion of the first PDU is decrypted to obtain afirst MIC, the method further comprising generating a second MIC basedon the soft combined decrypted payloads, wherein the ACK is sent whenboth the generated second CRC passes the CRC check against the first CRCand the generated second MIC passes a MIC check against the first MIC.28. A computer-readable medium storing computer executable code,comprising code to: receive a first packet data unit (PDU) and a firstcyclic redundancy check (CRC) that is based on the first PDU, the firstPDU being encrypted based on a first nonce; decrypt the first PDU toobtain a first payload and a first cipher stream; soft combine thedecrypted first payload with a decrypted set of payloads, the set ofpayloads having been encrypted based on at least one nonce differentthan the first nonce; generate a second CRC based on the soft combineddecrypted payloads and based on the first cipher stream; and determinewhether the generated second CRC for the soft combined decryptedpayloads passes a CRC check against the first CRC.
 29. Acomputer-readable medium storing computer executable code, comprisingcode to: receive a first packet data unit (PDU) and a first cyclicredundancy check (CRC) that is based on the first PDU, the first PDUbeing encrypted based on a first nonce; decrypt the first PDU to obtaina first payload; obtain an error bitmap by soft combining the decryptedfirst payload with a decrypted set of payloads, the set of payloadshaving been encrypted based on at least one nonce different than thefirst nonce; XOR the received first PDU with the obtained error bitmapto obtain a soft combined encrypted payload; generate a second CRC basedon the soft combined encrypted payload; and determine whether thegenerated second CRC for the soft combined encrypted payload passes aCRC check against the first CRC.